While the primary purpose of Security Information and Event Management (SIEM) is to improve cyber threat detection and incident response capabilities, SIEM tools can also be critically important—if not mandated—for regulatory compliance. For example, the new US Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) requires some form of log monitoring solution.
To give SMBs a full-spectrum picture of SIEM considerations and benefits, a recent episode of The Virtual CISO Podcast featured guest Danielle Russell, Director of Product Marketing Management for AT&T Cybersecurity, a leading SIEM provider. Host John Verry, Pivot Point’s CISO and Managing Partner, is also a strong SIEM proponent for SMBs.
Danielle notes that “compliance is a strong driver and strong motivator” for SIEM adoption. “When you look at any kind of compliance regime that has some cyber risk aspect, whether it’s PCI DSS, HIPAA or others, there’s usually some prescriptive log management type of function built into that.”
Danielle relates that many organizations that are evaluating SIEM tools are either trying to prepare for an audit or have already failed an audit. “Unfortunately, too often the latter,” John concurs.
Why do so many regulations with information security and/or privacy components require some form of SIEM capability?
“The idea of why it becomes important for an organization to maintain and to monitor logs: having that visibility, first and foremost, of the things that are happening within your network environment, or your cloud environment, or on your endpoints in real time can give us information about a potential security incident or a threat, and give us the opportunity to disrupt or to mitigate that threat before it becomes some longstanding type of attack that an organization might not find out about for months, until the attacker has taken off with a lot of data,” explains Danielle.
But even in the aftermath of a successful attack, a SIEM solution can support compliance from a forensic standpoint…
As Danielle points out, “In the event that you didn’t catch the attacker while they were in your environment, while they were moving laterally or escalating privilege in order to get to sensitive information, after the fact, if there were any implications from a compliance standpoint that would cause you to need to do some kind of forensic analysis or demonstrate that you were acting in good faith and you were doing what was reasonable to maintain those logs—that’s where it [a SIEM tool] also becomes important as well.”
In the end, a SIEM tool’s ability to compress the data breach lifecycle, and thus reduce the risk of outcomes like data loss or data exfiltration, potentially lessens compliance impacts and concerns. Further, by providing capabilities that are mandated for compliance with regulations like HIPAA and PCI DSS, a SIEM tool potentially reduces the risk of negative compliance assessments, noncompliance incidents and/or concerns about tracking evolving compliance requirements.
These are significant benefits that SMBs should consider in their SIEM due diligence process.
This blog post is based on an episode of The Virtual CISO Podcast, with guest Danielle Russell. To hear this episode in its entirety along with a growing slate of equally valuable episodes, you can subscribe to The Virtual CISO Podcast here.
If you don’t use Apple Podcasts, you can check out all our episodes here.